Access HSTS-enabled sites with HTTP(S) Proxy

Versions 3.0 & 5.0

Applies to platform: UTM all
Last updated: 30th October 2017

Recently, many websites have been configured to be served over HTTPS only, instead of HTTP, to improve the security of access to them. Some of them have also implemented HSTS (HTTP Strict Transport Security), a policy that secures connections to their servers.

To allow devices behind an Endian UTM Appliance to access these sites, there are two possible configurations; both also avoid certificate errors being displayed in the clients' browsers.

HTTP Proxy configured as non-transparent, with the HTTPS Proxy disabled. This is the easiest configuration, as it does not require any further configuration on your Endian UTM Appliance. The drawback, however, is that you cannot filter HTTPS traffic.

HTTP Proxy configured as transparent, with the HTTPS Proxy enabled. This setup is suitable if, besides allowing access to HSTS sites, you need to filter HTTPS traffic. The drawback, in this case, is that you need to enter the HSTS sites in the whitelist under Proxy > HTTP Proxy > HTTPS Proxy > Bypass HTTPS proxy for destinations (domain name/IP address).
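To work out which destinations need an entry on that bypass list, the following added example (not Endian's code) parses the Strict-Transport-Security header from constructed HTTP responses according to RFC 6797 (max-age is required, max-age=0 withdraws the policy, a repeated directive invalidates the header, unknown directives are ignored) and reports the hosts whose HSTS policy is in force.

```python
# Added example, not Endian's code: find hosts that send a valid HSTS policy,
# i.e. the ones to list under "Bypass HTTPS proxy for destinations".
from typing import Dict, Iterable, List, Optional, Tuple

def parse_hsts(header_value: str) -> Optional[Tuple[int, bool]]:
    """Parse a Strict-Transport-Security value (RFC 6797). Returns
    (max_age, include_subdomains), or None if no policy is in force."""
    max_age = None
    include_subdomains = False
    seen = set()
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')  # directive values may be quoted
        if name in seen:
            return None  # a directive name must not appear twice
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                return None  # malformed max-age: the whole header is ignored
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        # other directives (e.g. preload) are ignored, as the RFC requires
    if not max_age:  # missing, or max-age=0 (policy withdrawn)
        return None
    return max_age, include_subdomains

def bypass_candidates(responses: Iterable[Tuple[str, Dict[str, str]]]) -> List[Tuple[str, int, bool]]:
    """responses: (host, response headers). Returns (host, max_age, include_subdomains) for HSTS hosts."""
    result = []
    for host, headers in responses:
        value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
        policy = parse_hsts(value) if value is not None else None
        if policy:
            result.append((host, policy[0], policy[1]))
    return result

# Constructed sample responses (not real captures)
SAMPLE = [
    ("bank.example", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("shop.example", {"strict-transport-security": "max-age=0"}),
    ("news.example", {"Content-Type": "text/html"}),
    ("mail.example", {"Strict-Transport-Security": 'max-age="86400"; preload'}),
]
```

Hosts reported with includeSubDomains set also enforce the policy on every subdomain, so those subdomains need bypass entries too.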